SlideShare une entreprise Scribd logo

Automate PII Assessments with PIAMS

The Canton Group
The Canton Group

The document discusses the Privacy Impact Assessment Management System (PIAMS) developed by The Canton Group to improve the privacy impact assessment (PIA) process for federal agencies. PIAMS automates the collection, storage, and review of PIA documents to reduce costs and improve transparency. It replaces manual PIA processes and filing with a web-based system. The Internal Revenue Service successfully implemented PIAMS, reducing the time to complete PIAs by a factor of 10 and decreasing labor hours.

Technologie
1  sur  10
Télécharger pour lire hors ligne
1 Protect Personally Identifiable Information (PII) through process improvement and automation with the Privacy Impact Assessment Management System (PIAMS) Presented by www.cantongroup.com Richard Snyder Jason Lancaster Kelly Price 2920 O’Donnell St. Baltimore, MD 21224 tel: 410.675.5708 fax: 410.675.5111 www.cantongroup.com
2 Problem Statement • A Privacy Impact Assessment, or PIA, is an analysis of how information in identifiable form is collected, stored, protected, shared and managed...[to] ensure that system owners and developers have consciously incorporated privacy protection throughout the entire life cycle of a system. • PIA’s expose internal and external threats to the confidentiality of Personally Identifiable Information (PII) in compliance with the EGovernment Act of 2002 (Pub. L 107-347) and applicable Office of Management and Budget (OMB) guidance. • This analysis is required on many systems within Federal Organizations and can result in a significant investment in time during the preparation and review cycles. www.cantongroup.com
3 Solution Overview • A Privacy Impact Assessment Management System (PIAMS) collects and stores multiple Privacy Impact Assessment (PIA) questionnaires for system owners. • Types of PIA’s can include specialty questionnaires for ~ Surveys ~ Social networking sites ~ Public internet sites ~ Generic data storage PIA • Manual process of filing and reviewing PIAs is replaced by a web system to store the final deliverable and automate the PIA process. www.cantongroup.com
4 Workflow Overview • Promotes workflow flexibility An example would be allowing management approval on the “business” side as well as the “privacy side”. • Multiple versions of each type of questionnaire As the need for stored information changes, each questionnaire can be updated to reflect those changes. Existing approved or signed PIAs will be linked to the version of the questionnaire active at the time • Dynamic sub-questions based on answers. For example, if the answer to a question is “yes” display one subset of questions; if no, show a different subset. • Approved (or signed) PIAs stored in a read-only state ~ Minimizes the need for physical storage ~ Allows for statistical analysis and data-mining of PII elements www.cantongroup.com
5 Process Flow www.cantongroup.com
6 Technical Architecture • Microsoft .NET Framework, version 4.0 or 4.5 • Pages & functionality developed using C#, JavaScript, and SQL Stored Procedures • Database server running Microsoft SQL Server 2008 • Web Server(s) running Windows Server® 2012 or Windows Server ®2008 R2 • Windows Internet Information Services (IIS) 8.0 • Database Server running Microsoft SQL Server 2008 www.cantongroup.com
7 Key Benefits of PIAMS • Eliminates the use of paper application submissions (Paper Reduction) • Increases the ability of tracking and centrally storing the PIA’s (Transparency and Accessibility) • The ability for electronic notifications for PIA renewal or missing information sent to the system owners (Workflow Automation) • Increases reporting for individual systems or enterprise wide (Reporting and Metrics) • Reduces man hours required to perform initial and subsequent PIA’s (Sustained Operational Reduction) • Facilitates enhanced security of PII Data (Enhanced data security) www.cantongroup.com
8 Proven Success Story • The Canton Group worked with IRS to automate and improve the existing PIA processes leveraging state of the art web software. • The system created by The Canton Group provided the IRS with new operational capability and allowed the IRS to have more confidence in assigning security levels for systems as well as massively decrease the labor hours required to gathering this information. • The implementation of this system has resulted in a sustained reduction in man hours required to perform Privacy Impact Assessments (PIAs) and improved the speed to perform PIAs by a factor of 10. www.cantongroup.com
9 Summary • PIAMS improves operational effectiveness • The Canton Group designed and developed PIAMS • The IRS has a significant number of systems with PII and is successfully using PIAMS • PIAMS can be configured and customized to meet agency specific requirements • The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime Contractor www.cantongroup.com
10 Contact Canton Group For more information or to schedule a demonstration please contact: Chris Forhan, Director of Digital Strategy cforhan@cantongroup.com Ed Peck, Senior Security Engineer CISSP epeck@cantongroup.com Or call 410-675-5708 x7117 www.cantongroup.com

Recommandé

Wayne richard - pia risk management - atlseccon2011
Wayne richard - pia risk management - atlseccon2011Wayne richard - pia risk management - atlseccon2011
Wayne richard - pia risk management - atlseccon2011Atlantic Security Conference
 
Data classification-policy
Data classification-policyData classification-policy
Data classification-policyCoi Xay
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)Kimberly Simon MBA
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPRMyComplianceOffice
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll BureauBrightPay Payroll and Auto Enrolment Software
 

Recommandé

Wayne richard - pia risk management - atlseccon2011
Wayne richard - pia risk management - atlseccon2011Wayne richard - pia risk management - atlseccon2011
Wayne richard - pia risk management - atlseccon2011Atlantic Security Conference
 
Data classification-policy
Data classification-policyData classification-policy
Data classification-policyCoi Xay
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)Kimberly Simon MBA
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPRMyComplianceOffice
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll BureauBrightPay Payroll and Auto Enrolment Software
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacyrajab ssemwogerere
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for YouTrustArc
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQAFest
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentialsCraig Mullins
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEryk Budi Pratama
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
GDPR master class - transparent research projects
GDPR master class - transparent research projectsGDPR master class - transparent research projects
GDPR master class - transparent research projectsMRS
 
GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)MRS
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
GDPR: 3 Months On | Guest Speaker: Data Protection CommissionersGDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
GDPR: 3 Months On | Guest Speaker: Data Protection CommissionersBrightPay Payroll and Auto Enrolment Software
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 
Integrated Privacy Impact Assessment
Integrated Privacy Impact AssessmentIntegrated Privacy Impact Assessment
Integrated Privacy Impact AssessmentJeremy Hilton
 
Trackment
TrackmentTrackment
Trackmentmeaannn
 

Contenu connexe

Tendances

Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for YouTrustArc
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQAFest
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentialsCraig Mullins
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
GDPR master class - transparent research projects
GDPR master class - transparent research projectsGDPR master class - transparent research projects
GDPR master class - transparent research projectsMRS
 
GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)MRS
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 

Tendances (20)

Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentials
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
GDPR master class - transparent research projects
GDPR master class - transparent research projectsGDPR master class - transparent research projects
GDPR master class - transparent research projects
 
GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
GDPR: 3 Months On | Guest Speaker: Data Protection CommissionersGDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPR
 

En vedette

Integrated Privacy Impact Assessment
Integrated Privacy Impact AssessmentIntegrated Privacy Impact Assessment
Integrated Privacy Impact AssessmentJeremy Hilton
 
Trackment
TrackmentTrackment
Trackmentmeaannn
 
Privacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataPrivacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataH. T. Besik
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
StuartMillar_13616005_PIA
StuartMillar_13616005_PIAStuartMillar_13616005_PIA
StuartMillar_13616005_PIAStuart Millar
 
Privacy in Computing - Impact on emerging technologies
Privacy in Computing - Impact on emerging technologiesPrivacy in Computing - Impact on emerging technologies
Privacy in Computing - Impact on emerging technologiesMensah Sitti
 
Brussels Privacy Hub: SATORI and iTRACK
Brussels Privacy Hub: SATORI and iTRACKBrussels Privacy Hub: SATORI and iTRACK
Brussels Privacy Hub: SATORI and iTRACKTrilateral Research
 
Impact of CCTV on 'Right to Privacy'
Impact of CCTV on 'Right to Privacy'Impact of CCTV on 'Right to Privacy'
Impact of CCTV on 'Right to Privacy'SSoujanya
 
Impact of ict on privacy and personal data
Impact of ict on privacy and personal dataImpact of ict on privacy and personal data
Impact of ict on privacy and personal datamohd kamal
 
Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011Atlantic Security Conference
 
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...Lilian Edwards
 
The Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and PrivacyThe Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and PrivacyCharles Mok
 

En vedette (20)

Integrated Privacy Impact Assessment
Integrated Privacy Impact AssessmentIntegrated Privacy Impact Assessment
Integrated Privacy Impact Assessment
 
Trackment
TrackmentTrackment
Trackment
 
opncc_certificate
opncc_certificateopncc_certificate
opncc_certificate
 
iTrack WP3 workshop
iTrack WP3 workshopiTrack WP3 workshop
iTrack WP3 workshop
 
Privacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal DataPrivacy Impact Assessment Methodologies for Protection of Personal Data
Privacy Impact Assessment Methodologies for Protection of Personal Data
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
StuartMillar_13616005_PIA
StuartMillar_13616005_PIAStuartMillar_13616005_PIA
StuartMillar_13616005_PIA
 
Privacy in Computing - Impact on emerging technologies
Privacy in Computing - Impact on emerging technologiesPrivacy in Computing - Impact on emerging technologies
Privacy in Computing - Impact on emerging technologies
 
Brussels Privacy Hub: SATORI and iTRACK
Brussels Privacy Hub: SATORI and iTRACKBrussels Privacy Hub: SATORI and iTRACK
Brussels Privacy Hub: SATORI and iTRACK
 
Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011
 
Impact of CCTV on 'Right to Privacy'
Impact of CCTV on 'Right to Privacy'Impact of CCTV on 'Right to Privacy'
Impact of CCTV on 'Right to Privacy'
 
Impact of ict on privacy and personal data
Impact of ict on privacy and personal dataImpact of ict on privacy and personal data
Impact of ict on privacy and personal data
 
ISO 27001 cambios 2005 a 2013
ISO 27001 cambios 2005 a 2013ISO 27001 cambios 2005 a 2013
ISO 27001 cambios 2005 a 2013
 
Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011
 
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus...
 
WRC Newsletter Feb 2013
WRC Newsletter Feb 2013WRC Newsletter Feb 2013
WRC Newsletter Feb 2013
 
The Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and PrivacyThe Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and Privacy
 
opncc_certificate SALES
opncc_certificate SALESopncc_certificate SALES
opncc_certificate SALES
 
opncc_certificate EBS
opncc_certificate EBSopncc_certificate EBS
opncc_certificate EBS
 

Similaire à Automate PII Assessments with PIAMS

Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLJim Kaplan CIA CFE
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
PayPal Decision Management Architecture
PayPal Decision Management ArchitecturePayPal Decision Management Architecture
PayPal Decision Management ArchitecturePradeep Ballal
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016Thierry RAMON
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016Thierry RAMON
 
Financial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital EraFinancial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital Eraaccenture
 
Cyber security series administrative control breaches
Cyber security series administrative control breaches Cyber security series administrative control breaches
Cyber security series administrative control breaches Jim Kaplan CIA CFE
 
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan JonesAIIM International
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docxMARRY7
 
Analytic Predictions for IT Operations: An Overview
Analytic Predictions for IT Operations: An OverviewAnalytic Predictions for IT Operations: An Overview
Analytic Predictions for IT Operations: An OverviewRick Berzle
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
Predicting Mission Success through Improved Data Collection, Reuse and Analysis
Predicting Mission Success through Improved Data Collection, Reuse and AnalysisPredicting Mission Success through Improved Data Collection, Reuse and Analysis
Predicting Mission Success through Improved Data Collection, Reuse and AnalysisBooz Allen Hamilton
 
HyperconvergedFantasyAnalytics
HyperconvergedFantasyAnalyticsHyperconvergedFantasyAnalytics
HyperconvergedFantasyAnalyticsJerry Jermann
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports Jim Kaplan CIA CFE
 

Similaire à Automate PII Assessments with PIAMS (20)

NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseNZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
 
Building Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACLBuilding Simple Continuous Reviews in ACL
Building Simple Continuous Reviews in ACL
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
PayPal Decision Management Architecture
PayPal Decision Management ArchitecturePayPal Decision Management Architecture
PayPal Decision Management Architecture
 
Data Management Strategy
Data Management StrategyData Management Strategy
Data Management Strategy
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016
 
Financial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital EraFinancial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital Era
 
Cyber security series administrative control breaches
Cyber security series administrative control breaches Cyber security series administrative control breaches
Cyber security series administrative control breaches
 
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
 
Rajasekkar
RajasekkarRajasekkar
Rajasekkar
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx
 
Analytic Predictions for IT Operations: An Overview
Analytic Predictions for IT Operations: An OverviewAnalytic Predictions for IT Operations: An Overview
Analytic Predictions for IT Operations: An Overview
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
 
Beatrice s prunotto_resume_text
Beatrice s prunotto_resume_textBeatrice s prunotto_resume_text
Beatrice s prunotto_resume_text
 
Predicting Mission Success through Improved Data Collection, Reuse and Analysis
Predicting Mission Success through Improved Data Collection, Reuse and AnalysisPredicting Mission Success through Improved Data Collection, Reuse and Analysis
Predicting Mission Success through Improved Data Collection, Reuse and Analysis
 
HyperconvergedFantasyAnalytics
HyperconvergedFantasyAnalyticsHyperconvergedFantasyAnalytics
HyperconvergedFantasyAnalytics
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports
 

Dernier

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Dernier (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Automate PII Assessments with PIAMS

  • 1. 1 Protect Personally Identifiable Information (PII) through process improvement and automation with the Privacy Impact Assessment Management System (PIAMS) Presented by www.cantongroup.com Richard Snyder Jason Lancaster Kelly Price 2920 O’Donnell St. Baltimore, MD 21224 tel: 410.675.5708 fax: 410.675.5111 www.cantongroup.com
  • 2. 2 Problem Statement • A Privacy Impact Assessment, or PIA, is an analysis of how information in identifiable form is collected, stored, protected, shared and managed...[to] ensure that system owners and developers have consciously incorporated privacy protection throughout the entire life cycle of a system. • PIA’s expose internal and external threats to the confidentiality of Personally Identifiable Information (PII) in compliance with the EGovernment Act of 2002 (Pub. L 107-347) and applicable Office of Management and Budget (OMB) guidance. • This analysis is required on many systems within Federal Organizations and can result in a significant investment in time during the preparation and review cycles. www.cantongroup.com
  • 3. 3 Solution Overview • A Privacy Impact Assessment Management System (PIAMS) collects and stores multiple Privacy Impact Assessment (PIA) questionnaires for system owners. • Types of PIA’s can include specialty questionnaires for ~ Surveys ~ Social networking sites ~ Public internet sites ~ Generic data storage PIA • Manual process of filing and reviewing PIAs is replaced by a web system to store the final deliverable and automate the PIA process. www.cantongroup.com
  • 4. 4 Workflow Overview • Promotes workflow flexibility An example would be allowing management approval on the “business” side as well as the “privacy side”. • Multiple versions of each type of questionnaire As the need for stored information changes, each questionnaire can be updated to reflect those changes. Existing approved or signed PIAs will be linked to the version of the questionnaire active at the time • Dynamic sub-questions based on answers. For example, if the answer to a question is “yes” display one subset of questions; if no, show a different subset. • Approved (or signed) PIAs stored in a read-only state ~ Minimizes the need for physical storage ~ Allows for statistical analysis and data-mining of PII elements www.cantongroup.com
  • 6. 6 Technical Architecture • Microsoft .NET Framework, version 4.0 or 4.5 • Pages & functionality developed using C#, JavaScript, and SQL Stored Procedures • Database server running Microsoft SQL Server 2008 • Web Server(s) running Windows Server® 2012 or Windows Server ®2008 R2 • Windows Internet Information Services (IIS) 8.0 • Database Server running Microsoft SQL Server 2008 www.cantongroup.com
  • 7. 7 Key Benefits of PIAMS • Eliminates the use of paper application submissions (Paper Reduction) • Increases the ability of tracking and centrally storing the PIA’s (Transparency and Accessibility) • The ability for electronic notifications for PIA renewal or missing information sent to the system owners (Workflow Automation) • Increases reporting for individual systems or enterprise wide (Reporting and Metrics) • Reduces man hours required to perform initial and subsequent PIA’s (Sustained Operational Reduction) • Facilitates enhanced security of PII Data (Enhanced data security) www.cantongroup.com
  • 8. 8 Proven Success Story • The Canton Group worked with IRS to automate and improve the existing PIA processes leveraging state of the art web software. • The system created by The Canton Group provided the IRS with new operational capability and allowed the IRS to have more confidence in assigning security levels for systems as well as massively decrease the labor hours required to gathering this information. • The implementation of this system has resulted in a sustained reduction in man hours required to perform Privacy Impact Assessments (PIAs) and improved the speed to perform PIAs by a factor of 10. www.cantongroup.com
  • 9. 9 Summary • PIAMS improves operational effectiveness • The Canton Group designed and developed PIAMS • The IRS has a significant number of systems with PII and is successfully using PIAMS • PIAMS can be configured and customized to meet agency specific requirements • The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime Contractor www.cantongroup.com
  • 10. 10 Contact Canton Group For more information or to schedule a demonstration please contact: Chris Forhan, Director of Digital Strategy cforhan@cantongroup.com Ed Peck, Senior Security Engineer CISSP epeck@cantongroup.com Or call 410-675-5708 x7117 www.cantongroup.com